CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CVE-2026-6383 (GCVE-0-2026-6383)
Vulnerability from cvelistv5 – Published: 2026-04-15 18:22 – Updated: 2026-04-15 18:40
VLAI
Title
Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation
Summary
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-6383 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2458741 | issue-trackingx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
Date Public
2026-04-15 18:03
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T18:40:06.751506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T18:40:31.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"packageName": "kubevirt",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-15T18:03:18.572Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in KubeVirt\u0027s Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T18:22:30.589Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-6383"
},
{
"name": "RHBZ#2458741",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458741"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-15T18:00:56.227Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-15T18:03:18.572Z",
"value": "Made public."
}
],
"title": "Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-6383",
"datePublished": "2026-04-15T18:22:30.589Z",
"dateReserved": "2026-04-15T18:03:12.839Z",
"dateUpdated": "2026-04-15T18:40:31.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6406 (GCVE-0-2026-6406)
Vulnerability from cvelistv5 – Published: 2026-05-22 18:32 – Updated: 2026-05-23 03:56
VLAI
Title
Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
Summary
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.
A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.docker.com/desktop/release-notes/#4590 | release-notes |
| https://www.zerodayinitiative.com/advisories/ZDI-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Docker | Docker Desktop |
Affected:
4.41.0 , < 4.59.0
(semver)
|
Date Public
2026-04-23 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T03:56:00.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS",
"Linux",
"Windows"
],
"product": "Docker Desktop",
"vendor": "Docker",
"versions": [
{
"lessThan": "4.59.0",
"status": "affected",
"version": "4.41.0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)"
}
],
"value": "Docker Desktop with Enhanced Container Isolation (ECI) enabled (requires Docker Business subscription)"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nitesh Surana (niteshsurana.com) of Trend Research"
}
],
"datePublic": "2026-04-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Docker CLI \u003ccode\u003e--use-api-socket\u003c/code\u003e flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the \u003ccode\u003e--use-api-socket\u003c/code\u003e flag adds the Docker socket mount via the \u003ccode\u003eHostConfig.Mounts\u003c/code\u003e field rather than the \u003ccode\u003eHostConfig.Binds\u003c/code\u003e field. The ECI enforcement in the Docker Desktop API proxy only inspected \u003ccode\u003eBinds\u003c/code\u003e, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\u003cbr\u003e\u003cbr\u003eA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges."
}
],
"value": "The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials.\n\nA local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T18:32:15.959Z",
"orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"shortName": "Docker"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.docker.com/desktop/release-notes/#4590"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-299/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host."
}
],
"value": "Upgrade to Docker Desktop 4.59.0 or later. As a workaround, restrict which users can execute Docker CLI commands on the host."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
"assignerShortName": "Docker",
"cveId": "CVE-2026-6406",
"datePublished": "2026-05-22T18:32:15.959Z",
"dateReserved": "2026-04-15T21:42:36.201Z",
"dateUpdated": "2026-05-23T03:56:00.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6713 (GCVE-0-2026-6713)
Vulnerability from cvelistv5 – Published: 2026-05-27 17:55 – Updated: 2026-05-27 19:22
VLAI
Title
Incorrect Authorization in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/work_items… | |
| https://hackerone.com/reports/3644605 | technical-descriptionexploitpermissions-required |
| https://about.gitlab.com/releases/2026/05/27/patc… |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6713",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T19:22:11.455424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T19:22:57.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "18.10.7",
"status": "affected",
"version": "18.2",
"versionType": "semver"
},
{
"lessThan": "18.11.4",
"status": "affected",
"version": "18.11",
"versionType": "semver"
},
{
"lessThan": "19.0.1",
"status": "affected",
"version": "19.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [pollito](https://hackerone.com/pollito) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T17:55:13.955Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/597490"
},
{
"name": "HackerOne Bug Bounty Report #3644605",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/3644605"
},
{
"url": "https://about.gitlab.com/releases/2026/05/27/patch-release-gitlab-19-0-1-released/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 18.10.7, 18.11.4, 19.0.1 or above."
}
],
"title": "Incorrect Authorization in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2026-6713",
"datePublished": "2026-05-27T17:55:13.955Z",
"dateReserved": "2026-04-20T18:33:22.687Z",
"dateUpdated": "2026-05-27T19:22:57.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6863 (GCVE-0-2026-6863)
Vulnerability from cvelistv5 – Published: 2026-05-06 14:50 – Updated: 2026-05-06 15:27
VLAI
Title
HTTP Filestore Endpoints Misapply Permissions Across Organizations
Summary
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files from other orgs - even if they have no explicit permissions in the target org.
However, the problem does not occur in reverse - a user with read access to a sub org is unable to read from other org or the root org.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Improper Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rapid7 | Velociraptor |
Affected:
0 , < 0.76.4, 0.75.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T15:26:49.596766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T15:27:40.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Velociraptor",
"repo": "https://github.com/Velocidex/velociraptor",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "0.76.4, 0.75.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "We thank Faisal Alhumaid (Faisal.alhumaid@hotmail.com) for reporting this issue responsibly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVelociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files from other orgs - even if they have no explicit permissions in the target org.\u003c/p\u003e\u003cp\u003eHowever, the problem does not occur in reverse - a user with read access to a sub org is unable to read from other org or the root org.\u003c/p\u003e"
}
],
"value": "Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files from other orgs - even if they have no explicit permissions in the target org.\n\n\n\nHowever, the problem does not occur in reverse - a user with read access to a sub org is unable to read from other org or the root org."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:54:19.814Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"url": "https://docs.velociraptor.app/announcements/advisories/cve-2026-6863/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo remediate, you will need to\u0026nbsp;\u003ca href=\"https://docs.velociraptor.app/docs/deployment/server/upgrades/#upgrading-a-server-in-place-upgrade\"\u003eupgrade your server\u003c/a\u003e\u0026nbsp;to the latest version of your release:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFor 0.76 releases, upgrade immediately to\u0026nbsp;\u003ca href=\"https://github.com/Velocidex/velociraptor/releases/download/v0.76/velociraptor-v0.76.4-linux-amd64\" target=\"_blank\"\u003ev0.76.4\u003c/a\u003e\u003c/li\u003e\u003cli\u003eFor 0.75 releases, upgrade immediately to\u0026nbsp;\u003ca href=\"https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.9-linux-amd64\" target=\"_blank\"\u003ev0.75.9\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "To remediate, you will need to\u00a0 upgrade your server https://docs.velociraptor.app/docs/deployment/server/upgrades/#upgrading-a-server-in-place-upgrade \u00a0to the latest version of your release:\n\n * For 0.76 releases, upgrade immediately to\u00a0 v0.76.4 https://github.com/Velocidex/velociraptor/releases/download/v0.76/velociraptor-v0.76.4-linux-amd64 \n * For 0.75 releases, upgrade immediately to\u00a0 v0.75.9 https://github.com/Velocidex/velociraptor/releases/download/v0.75/velociraptor-v0.75.9-linux-amd64"
}
],
"source": {
"advisory": "docs.velociraptor.app/announcements/advisories/cve-2026-6863/",
"discovery": "UNKNOWN"
},
"title": "HTTP Filestore Endpoints Misapply Permissions Across Organizations",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2026-6863",
"datePublished": "2026-05-06T14:50:55.631Z",
"dateReserved": "2026-04-22T14:25:24.122Z",
"dateUpdated": "2026-05-06T15:27:40.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8046 (GCVE-0-2026-8046)
Vulnerability from cvelistv5 – Published: 2026-05-26 06:45 – Updated: 2026-05-26 10:48
VLAI
Title
Incorrect Authorization in CODESYS Control
Summary
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
3.0.0.0 , < 3.5.22.20
(semver)
|
|
| CODESYS | CODESYS Control RTE (for Beckhoff CX) SL |
Affected:
3.0.0.0 , < 3.5.22.20
(semver)
|
|
| CODESYS | CODESYS Control Win (SL) |
Affected:
3.0.0.0 , < 3.5.22.20
(semver)
|
|
| CODESYS | CODESYS HMI (SL) |
Affected:
3.0.0.0 , < 3.5.22.20
(semver)
|
|
| CODESYS | CODESYS Runtime Toolkit |
Affected:
3.0.0.0 , < 3.5.22.20
(semver)
|
|
| CODESYS | CODESYS Control for BeagleBone SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for emPC-A/iMX6 SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for IOT2000 SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for Linux ARM SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for Linux SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PFC100 SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PFC200 SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PLCnext SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for Raspberry Pi SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Control for WAGO Touch Panels 600 SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
|
| CODESYS | CODESYS Virtual Control SL |
Affected:
3.0.0.0 , < 4.21.0.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T10:44:58.318097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T10:48:37.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.22.20",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.22.20",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.22.20",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.22.20",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "3.5.22.20",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux ARM SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Virtual Control SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "4.21.0.0",
"status": "affected",
"version": "3.0.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_rte_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.22.20",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_rte_for_beckhoff_cx_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.22.20",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_win_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.22.20",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_hmi_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.22.20",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_runtime_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.22.20",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_beaglebone_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_empc_a_imx6_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_iot2000_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_arm_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_linux_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc100_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_pfc200_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_plcnext_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_raspberry_pi_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_control_for_wago_touch_panels_600_sl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codesys:codesys_virtual_control_sl_:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.21.0.0",
"versionStartIncluding": "3.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
}
],
"value": "The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T06:46:47.189Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://www.certvde.com/en/advisories/VDE-2026-056/"
}
],
"source": {
"advisory": "VDE-2026-056",
"defect": [
"CERT@VDE#642072"
],
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization in CODESYS Control",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-8046",
"datePublished": "2026-05-26T06:45:21.724Z",
"dateReserved": "2026-05-06T17:10:12.759Z",
"dateUpdated": "2026-05-26T10:48:37.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8350 (GCVE-0-2026-8350)
Vulnerability from cvelistv5 – Published: 2026-05-21 20:28 – Updated: 2026-05-22 13:22
VLAI
Title
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group
Summary
Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group. Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove legitimate admins. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks Vincent55 for reporting.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://documentation.concretecms.org/9-x/develop… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Concrete CMS | Concrete CMS |
Affected:
5.0 , ≤ 9.5.0
(git)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-22T13:22:41.872694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T13:22:50.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/concretecms/concretecms",
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThanOrEqual": "9.5.0",
"status": "affected",
"version": "5.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vincent55"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eConcrete CMS 9.5.0 and below is vulnerable to m\u003cspan\u003eissing authorization in the bulk_user_assignment.php which can lead to privilege escalation\u0026nbsp;\u003c/span\u003eto Administrative Group\u003cspan\u003e.\u0026nbsp;\u003c/span\u003e\u003cspan\u003eAny authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove legitimate admins.\u003c/span\u003e\u0026nbsp;\u003cspan\u003eThe Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector\u0026nbsp;\u003c/span\u003eCVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\u003cspan\u003e. Thanks\u0026nbsp;Vincent55 for reporting.\u0026nbsp;\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation\u00a0to Administrative Group.\u00a0Any authenticated user with access to the bulk user assignment dashboard page can add any user email to any group and can remove legitimate admins.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector\u00a0CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks\u00a0Vincent55 for reporting."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T20:28:03.032Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/951-release-notes"
}
],
"source": {
"advisory": "https://hackerone.com/reports/3594435",
"defect": [
"HackerONE"
],
"discovery": "EXTERNAL"
},
"title": "Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2026-8350",
"datePublished": "2026-05-21T20:28:03.032Z",
"dateReserved": "2026-05-11T16:40:39.812Z",
"dateUpdated": "2026-05-22T13:22:50.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9048 (GCVE-0-2026-9048)
Vulnerability from cvelistv5 – Published: 2026-06-01 23:28 – Updated: 2026-06-02 10:48
VLAI
Title
Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure
Summary
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social media API credentials: the Instagram OAuth token, Flickr API key, YouTube Data API key, and Facebook App ID, stored in any configured slider's settings.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Revolution Slider | Slider Revolution |
Affected:
7.0.0 , ≤ 7.0.14
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T10:39:51.574923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T10:48:28.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Slider Revolution",
"vendor": "Revolution Slider",
"versions": [
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Prickly Cactus"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the \u0027slider.get.full\u0027 AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social media API credentials: the Instagram OAuth token, Flickr API key, YouTube Data API key, and Facebook App ID, stored in any configured slider\u0027s settings."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T23:28:27.185Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4396411-57a2-4bef-9dfb-cbcdc1292de0?source=cve"
},
{
"url": "https://www.sliderrevolution.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-10T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-05-19T20:17:23.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-06-01T10:41:53.000Z",
"value": "Disclosed"
}
],
"title": "Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-9048",
"datePublished": "2026-06-01T23:28:27.185Z",
"dateReserved": "2026-05-19T20:01:06.206Z",
"dateUpdated": "2026-06-02T10:48:28.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9350 (GCVE-0-2026-9350)
Vulnerability from cvelistv5 – Published: 2026-05-24 02:45 – Updated: 2026-05-26 17:48
VLAI
Title
NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization
Summary
A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365313 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365313/cti | signaturepermissions-required |
| https://vuldb.com/submit/812213 | third-party-advisory |
| https://gist.github.com/YLChen-007/22cada4c9060f5… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NousResearch | hermes-agent |
Affected:
2026.4.0
Affected: 2026.4.1 Affected: 2026.4.2 Affected: 2026.4.3 Affected: 2026.4.4 Affected: 2026.4.5 Affected: 2026.4.6 Affected: 2026.4.7 Affected: 2026.4.8 Affected: 2026.4.9 Affected: 2026.4.10 Affected: 2026.4.11 Affected: 2026.4.12 Affected: 2026.4.13 Affected: 2026.4.14 Affected: 2026.4.15 Affected: 2026.4.16 cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:47:52.773882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:48:19.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
],
"modules": [
"Batch Runner"
],
"product": "hermes-agent",
"vendor": "NousResearch",
"versions": [
{
"status": "affected",
"version": "2026.4.0"
},
{
"status": "affected",
"version": "2026.4.1"
},
{
"status": "affected",
"version": "2026.4.2"
},
{
"status": "affected",
"version": "2026.4.3"
},
{
"status": "affected",
"version": "2026.4.4"
},
{
"status": "affected",
"version": "2026.4.5"
},
{
"status": "affected",
"version": "2026.4.6"
},
{
"status": "affected",
"version": "2026.4.7"
},
{
"status": "affected",
"version": "2026.4.8"
},
{
"status": "affected",
"version": "2026.4.9"
},
{
"status": "affected",
"version": "2026.4.10"
},
{
"status": "affected",
"version": "2026.4.11"
},
{
"status": "affected",
"version": "2026.4.12"
},
{
"status": "affected",
"version": "2026.4.13"
},
{
"status": "affected",
"version": "2026.4.14"
},
{
"status": "affected",
"version": "2026.4.15"
},
{
"status": "affected",
"version": "2026.4.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-h (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This affects the function check_all_command_guards of the file tools/approval.py of the component Batch Runner. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-24T02:45:10.330Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365313 | NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365313"
},
{
"name": "VDB-365313 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365313/cti"
},
{
"name": "Submit #812213 | NousResearch hermes-agent 2026.4.16 Missing Authorization (CWE-862)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/812213"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/YLChen-007/22cada4c9060f5123dde6185135ae3ab"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-23T11:24:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9350",
"datePublished": "2026-05-24T02:45:10.330Z",
"dateReserved": "2026-05-23T09:19:30.069Z",
"dateUpdated": "2026-05-26T17:48:19.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9603 (GCVE-0-2026-9603)
Vulnerability from cvelistv5 – Published: 2026-05-26 22:00 – Updated: 2026-05-27 12:55 X_Freeware
VLAI
Title
SourceCodester eDoc Doctor Appointment System delete-session.php authorization
Summary
A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365676 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365676/cti | signaturepermissions-required |
| https://vuldb.com/submit/817935 | third-party-advisory |
| https://github.com/NARKHEDE-VAIBHAV/poc/blob/main… | exploit |
| https://github.com/NARKHEDE-VAIBHAV/poc/blob/main… | exploit |
| https://www.sourcecodester.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | eDoc Doctor Appointment System |
Affected:
1.0
cpe:2.3:a:sourcecodester:edoc_doctor_appointment_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T12:54:43.298048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:55:07.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:edoc_doctor_appointment_system:*:*:*:*:*:*:*:*"
],
"product": "eDoc Doctor Appointment System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "vaibhavnarkhede (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "vaibhavnarkhede (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.4,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T22:00:14.230Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365676 | SourceCodester eDoc Doctor Appointment System delete-session.php authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365676"
},
{
"name": "VDB-365676 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365676/cti"
},
{
"name": "Submit #817935 | SourceCodester eDoc Doctor Appointment System 1.0 Missing Authorization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/817935"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-9603-Missing-Authorization/Advisory.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-9603-Missing-Authorization/poc.sh"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:23:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester eDoc Doctor Appointment System delete-session.php authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9603",
"datePublished": "2026-05-26T22:00:14.230Z",
"dateReserved": "2026-05-26T16:02:52.829Z",
"dateUpdated": "2026-05-27T12:55:07.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9791 (GCVE-0-2026-9791)
Vulnerability from cvelistv5 – Published: 2026-05-28 03:27 – Updated: 2026-05-28 12:19
VLAI
Title
Keycloak-rhel9: organization data leak after feature disabled in keycloak
Summary
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-9791 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2482458 | issue-trackingx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak: |
Date Public
2026-05-28 03:08
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T12:18:58.165713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T12:19:24.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"packageName": "rhbk/keycloak-rhel9",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue."
}
],
"datePublic": "2026-05-28T03:08:53.319Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the \u0027organization\u0027 scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T03:44:12.464Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-9791"
},
{
"name": "RHBZ#2482458",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482458"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T03:06:33.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-28T03:08:53.319Z",
"value": "Made public."
}
],
"title": "Keycloak-rhel9: organization data leak after feature disabled in keycloak",
"workarounds": [
{
"lang": "en",
"value": "Administrators should verify that disabling the Organizations feature properly blocks all organization-related functionality. Consider implementing additional access controls or removing organization memberships before disabling the feature."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-9791",
"datePublished": "2026-05-28T03:27:08.241Z",
"dateReserved": "2026-05-28T03:07:29.305Z",
"dateUpdated": "2026-05-28T12:19:24.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation ID: MIT-4.4
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
Phase: Architecture and Design
Description:
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Phases: System Configuration, Installation
Description:
- Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.